Fizzy
ReviewAudited by ClawScan on May 1, 2026.
Overview
Fizzy is coherent for managing Fizzy work items, but users should notice that it requires installing a third-party CLI and using a read/write Fizzy API token.
Install only if you trust the referenced Fizzy CLI and are comfortable giving it a Fizzy read/write token. Prefer a limited token/account or default board, protect any config file containing the token, and review requested create/update actions before allowing changes to important Fizzy data.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If configured with a broad token, the skill can access and modify Fizzy boards, cards, comments, steps, and reactions available to that token.
The skill needs a Fizzy API token capable of both reading and changing account data. This matches the stated management purpose, but it grants meaningful authority over the user's Fizzy workspace.
Generate a new token with Read + Write permissions
Use the least-privileged Fizzy token available, limit it to the intended account or board where possible, store it securely, and revoke it when no longer needed.
Using the skill requires trusting the referenced Fizzy CLI package and its update channel.
The runtime instructions depend on an external Homebrew-distributed CLI even though the registry says there is no install spec. Installing the CLI is central to the skill's purpose, but it is still a supply-chain dependency users should recognize.
brew install robzolkos/fizzy-cli/fizzy-cli
Review the Homebrew tap/package source before installing, keep it updated from a trusted source, and avoid installing it on systems where you cannot trust that package.